Path: blob/master/plugins/sqlmap.rb
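require 'sqlmap/sqlmap_session'
require 'sqlmap/sqlmap_manager'
require 'json'

module Msf
  # Console plugin that talks to a running sqlmapapi server through
  # Sqlmap::Manager and exposes its task API as msfconsole commands.
  class Plugin::Sqlmap < Msf::Plugin
    # Implements the `sqlmap_*` console commands.
    #
    # State kept for the lifetime of the console:
    #   @manager   - Sqlmap::Manager created by sqlmap_connect
    #   @hid_tasks - short console task number (String) => server task id
    #   @tasks     - server task id => last options hash fetched for it
    #
    # Everything these commands print or store (log lines, titles, payloads,
    # option values) is taken from the API server's responses as-is.
    class SqlmapCommandDispatcher
      include Msf::Ui::Console::CommandDispatcher

      # @return [String] dispatcher name shown by the console
      def name
        'Sqlmap'
      end

      # @return [Hash{String => String}] command name => help text
      def commands
        {
          'sqlmap_new_task' => 'Create a new task',
          'sqlmap_connect' => 'sqlmap_connect <host> [<port>]',
          'sqlmap_list_tasks' => 'List the knows tasks. New tasks are not stored in DB, so lives as long as the console does',
          'sqlmap_get_option' => 'Get an option for a task',
          'sqlmap_set_option' => 'Set an option for a task',
          'sqlmap_start_task' => 'Start the task',
          'sqlmap_get_status' => 'Get the status of a task',
          'sqlmap_get_log' => 'Get the running log of a task',
          'sqlmap_get_data' => 'Get the resulting data of the task',
          'sqlmap_save_data' => 'Save the resulting data as web_vulns'
        }
      end

      # Records the API server location and builds the manager used by every
      # other command. No request is sent here.
      #
      # NOTE(review): transport and authentication are decided inside
      # Sqlmap::Session, which is not visible in this file - confirm how the
      # connection is protected before pointing this at a non-loopback host.
      #
      # @param args [Array<String>] host, then an optional port (default '8775')
      def cmd_sqlmap_connect(*args)
        if args.empty?
          print_error('Need a host, and optionally a port')
          return
        end

        @host, @port = args
        @port ||= '8775'

        @manager = Sqlmap::Manager.new(Sqlmap::Session.new(@host, @port))
        print_good("Set connection settings for host #{@host} on port #{@port}")
      end

      # Sets one option on a task. A value made only of digits is sent as an
      # Integer, anything else as the original String.
      #
      # @param args [Array<String>] task number, option name, option value
      def cmd_sqlmap_set_option(*args)
        unless args.length == 3
          print_error('Usage:')
          # Double quotes so that \t is a real tab rather than a literal "\t".
          print_error("\tsqlmap_set_option <taskid> <option_name> <option_value>")
          return
        end

        return unless sqlmap_ready?

        hid, option_name, raw_value = args
        task_id = sqlmap_task_id(hid)
        return unless task_id

        # \A and \z anchor the whole value; ^ and $ would accept a value whose
        # first line is numeric and silently drop the rest in to_i.
        val = raw_value.match?(/\A\d+\z/) ? raw_value.to_i : raw_value

        res = @manager.set_option(task_id, option_name, val)
        print_status("Success: #{res['success']}")
      end

      # Starts a task, optionally overriding its URL.
      #
      # When no URL argument is given the task's options are fetched again so
      # that a URL configured through sqlmap_set_option is honoured.
      #
      # @param args [Array<String>] task number, then an optional URL
      def cmd_sqlmap_start_task(*args)
        if args.empty?
          print_error('Usage:')
          print_error("\tsqlmap_start_task <taskid> [<url>]")
          return
        end

        return unless sqlmap_ready?

        task_id = sqlmap_task_id(args[0])
        return unless task_id

        options = {}
        options['url'] = args[1] if args.length == 2

        if !options['url'] && sqlmap_task_url(task_id).to_s.empty?
          print_error('You need to specify a URL either as an argument to sqlmap_start_task or sqlmap_set_option')
          return
        end

        res = @manager.start_task(task_id, options)
        print_status("Started task: #{res['success']}")
      end

      # Prints every entry of the task's log.
      #
      # @param args [Array<String>] task number
      def cmd_sqlmap_get_log(*args)
        unless args.length == 1
          print_error('Usage:')
          print_error("\tsqlmap_get_log <taskid>")
          return
        end

        return unless sqlmap_ready?

        task_id = sqlmap_task_id(args[0])
        return unless task_id

        res = @manager.get_task_log(task_id)

        # Array() keeps a response without a 'log' key from raising.
        Array(res['log']).each do |message|
          print_status("[#{message['time']}] #{message['level']}: #{message['message']}")
        end
      end

      # Prints the status reported for a task.
      #
      # @param args [Array<String>] task number
      def cmd_sqlmap_get_status(*args)
        unless args.length == 1
          print_error('Usage:')
          print_error("\tsqlmap_get_status <taskid>")
          return
        end

        return unless sqlmap_ready?

        task_id = sqlmap_task_id(args[0])
        return unless task_id

        res = @manager.get_task_status(task_id)

        print_status("Status: #{res['status']}")
      end

      # Prints the task's URL and a Title/Payload table of its results.
      #
      # @param args [Array<String>] task number
      def cmd_sqlmap_get_data(*args)
        unless args.length == 1
          print_error('Usage:')
          print_error("\tsqlmap_get_data <taskid>")
          return
        end

        return unless sqlmap_ready?

        task_id = sqlmap_task_id(args[0])
        return unless task_id

        url = sqlmap_task_url(task_id)

        print_line
        print_status("URL: #{url}")

        res = @manager.get_task_data(task_id)

        tbl = Rex::Text::Table.new(
          'Columns' => ['Title', 'Payload']
        )

        sqlmap_each_finding(res) do |_value, detail|
          # Only the text before the first '-' of the title is shown.
          title = detail['title'].to_s.split('-')[0].to_s
          tbl << [title, detail['payload'].to_s]
        end

        print_line
        print_line tbl.to_s
        print_line
      end

      # Stores each result of a task in the framework database through
      # framework.db.report_web_vuln.
      #
      # @param args [Array<String>] task number
      def cmd_sqlmap_save_data(*args)
        unless args.length == 1
          print_error('Usage:')
          print_error("\tsqlmap_save_data <taskid>")
          return
        end

        unless framework.db && framework.db.usable
          print_error('No database is connected or usable')
          return
        end

        return unless sqlmap_ready?

        task_id = sqlmap_task_id(args[0])
        return unless task_id

        url = sqlmap_task_url(task_id)

        print_line
        print_status("URL: #{url}")

        target = sqlmap_target_from_url(url)
        unless target
          print_error("Unable to parse the task URL: #{url}")
          return
        end

        res = @manager.get_task_data(task_id)
        description = res.to_json

        sqlmap_each_finding(res) do |value, detail|
          # A fresh hash per record, so one report never sees fields left
          # over from the previous one.
          framework.db.report_web_vuln(
            target.merge(
              category: 'imported from sqlmap',
              pname: value['parameter'],
              method: value['place'],
              payload: value['suffix'],
              name: detail['title'],
              description: description,
              proof: detail['payload']
            )
          )
        end
        print_good('Saved vulnerabilities to database.')
      end

      # Fetches a task's options from the server and prints one of them.
      #
      # @param args [Array<String>] task number, option name
      def cmd_sqlmap_get_option(*args)
        unless args.length == 2
          print_error('Usage:')
          print_error("\tsqlmap_get_option <taskid> <option_name>")
          return
        end

        return unless sqlmap_ready?

        hid, option_name = args
        task_id = sqlmap_task_id(hid)
        return unless task_id

        options = sqlmap_refresh_options(task_id)

        if options.is_a?(Hash) && options.key?(option_name)
          print_good("#{option_name} : #{options[option_name]}")
        else
          print_error("Option #{option_name} doesn't exist")
        end
      end

      # Creates a task on the server and registers it under the next console
      # task number. Extra arguments are accepted and ignored.
      def cmd_sqlmap_new_task(*_args)
        return unless sqlmap_ready?

        @hid_tasks ||= {}

        response = @manager.new_task
        server_id = response.is_a?(Hash) ? response['taskid'] : nil

        if server_id
          t_id = server_id.to_s
          hid = (@hid_tasks.length + 1).to_s
          @hid_tasks[hid] = t_id
          # Cached under the server task id, the key every other command uses.
          sqlmap_refresh_options(t_id)
          print_good("Created task: #{hid}")
        else
          print_error("Error connecting to the server. Please make sure the sqlmapapi server is running at #{@host}:#{@port}")
        end
      end

      # Prints the console task numbers created in this session. Extra
      # arguments are accepted and ignored.
      def cmd_sqlmap_list_tasks(*_args)
        @hid_tasks ||= {}
        @hid_tasks.each_key do |task|
          print_good("Task ID: #{task}")
        end
      end

      private

      # Reports whether sqlmap_connect has been run, printing the reminder
      # when it has not.
      #
      # @return [Boolean]
      def sqlmap_ready?
        return true if @manager

        print_error('Please run sqlmap_connect <host> first.')
        false
      end

      # Maps a console task number to the server task id, printing an error
      # when the number was never handed out by sqlmap_new_task.
      #
      # @param hid [String] console task number
      # @return [String, nil]
      def sqlmap_task_id(hid)
        @hid_tasks ||= {}
        task_id = @hid_tasks[hid]
        print_error("Unknown task ID: #{hid}") unless task_id
        task_id
      end

      # Fetches the task's options from the server and caches them in @tasks.
      #
      # @param task_id [String] server task id
      # @return [Object, nil] the 'options' member of the response
      def sqlmap_refresh_options(task_id)
        @tasks ||= {}
        response = @manager.get_options(task_id)
        @tasks[task_id] = response.is_a?(Hash) ? response['options'] : nil
      end

      # @param task_id [String] server task id
      # @return [Object, nil] the task's freshly fetched 'url' option
      def sqlmap_task_url(task_id)
        options = sqlmap_refresh_options(task_id)
        options.is_a?(Hash) ? options['url'] : nil
      end

      # Walks res['data'] -> entry['value'] -> value['data'] and yields each
      # (value, detail) pair. Entries that do not have that shape are skipped
      # rather than raising, since the response comes from a remote service.
      #
      # @param res [Hash] response of Sqlmap::Manager#get_task_data
      # @yieldparam value [Hash] entry carrying 'parameter', 'place', 'suffix'
      # @yieldparam detail [Hash] entry carrying 'title' and 'payload'
      def sqlmap_each_finding(res)
        entries = res.is_a?(Hash) ? res['data'] : nil
        Array(entries).each do |entry|
          values = entry.is_a?(Hash) ? entry['value'] : nil
          next unless values.is_a?(Array)

          values.each do |value|
            next unless value.is_a?(Hash) && value['data'].is_a?(Hash)

            value['data'].each_value do |detail|
              yield value, detail if detail.is_a?(Hash)
            end
          end
        end
      end

      # Splits a task URL into the fields reported with each record.
      #
      # The port is an Integer and defaults to 443 when the scheme contains
      # "https", 80 otherwise. The query string is kept out of :path.
      # Userinfo and bracketed IPv6 hosts are not handled.
      #
      # @param url [String, nil]
      # @return [Hash, nil] nil when no scheme or host can be found
      def sqlmap_target_from_url(url)
        location, query = url.to_s.split('?', 2)
        proto, remainder = location.to_s.split('://', 2)
        authority, path = remainder.to_s.split('/', 2)
        return nil if proto.to_s.empty? || authority.to_s.empty?

        host, port_text = authority.split(':', 2)
        return nil if host.to_s.empty?

        ssl = proto.match?(/https/)
        default_port = ssl ? 443 : 80
        port = port_text.to_s.match?(/\A\d+\z/) ? port_text.to_i : default_port

        {
          web_site: url,
          path: "/#{path}",
          query: query,
          host: host,
          port: port,
          ssl: ssl
        }
      end
    end

    # Registers the command dispatcher with the console.
    #
    # @param framework [Object] framework instance, forwarded to Msf::Plugin
    # @param opts [Hash] plugin options, forwarded to Msf::Plugin
    def initialize(framework, opts)
      super

      add_console_dispatcher(SqlmapCommandDispatcher)

      print_status('Sqlmap plugin loaded')
    end

    # Removes the dispatcher registered by #initialize.
    def cleanup
      remove_console_dispatcher('Sqlmap')
    end

    # @return [String] plugin name
    def name
      'Sqlmap'
    end

    # @return [String] one-line plugin description
    def desc
      'sqlmap plugin for Metasploit'
    end
  end
end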